<?php /** * getstatus.php 动态获取订单状态 */ header("Content-type: text/html; charset=utf-8"); include "include/dbconn.php"; //require_once("usercheck.php"); $orderid = sqlReplace(trim($_GET['id'])); $orderkey = sqlReplace(trim($_GET['key'])); $url = empty($_GET['url']) ? '' : sqlReplace(trim($_GET['url'])); $sql = "select * from " . WIIDBPRE . "_order where order_id=" . $orderid; $rs = mysql_query($sql); $row = mysql_fetch_assoc($rs); //检查是否可以催餐 $isHurry_30 = false; $isHurry_45 = false; $isHurry_60 = false; $sql = "select * from " . WIIDBPRE . "_orderchange where orderchange_type='1' and orderchange_hurry='0' and orderchange_order='" . $row['order_id2'] . "'"; $rs = mysql_query($sql); $rows = mysql_fetch_assoc($rs); if ($rows) { $isHurry_30 = true; } $sql = "select * from " . WIIDBPRE . "_orderchange where orderchange_type='1' and orderchange_hurry='1' and orderchange_order='" . $row['order_id2'] . "'"; $rs = mysql_query($sql); $rows = mysql_fetch_assoc($rs); if ($rows) { $isHurry_45 = true; } $sql = "select * from " . WIIDBPRE . "_orderchange where orderchange_type='1' and orderchange_hurry='2' and orderchange_order='" . $row['order_id2'] . "'";
$row = mysql_fetch_assoc($result); if (!$row) { alertInfo('您要删除的订单不存在', 'userorder.php?key=' . $key . $url, 0); } else { $sql2 = "delete from qiyu_order where order_id=" . $v; if (!mysql_query($sql2)) { alertInfo('删除失败!原因:SQL删除失败。', "", 1); } } } alertInfo('删除成功', 'userorder.php?key=' . $key . $url, 0); break; case 'xxfinish': //批量完成 $idlist = $_POST['idlist']; $key = sqlReplace(trim($_GET['key'])); if (!$idlist) { alertInfo('请选择', 'userorder.php?key=' . $key . $url, 0); } foreach ($idlist as $k => $v) { $sql3 = "select * from qiyu_order where order_id ='" . $v . "' and order_status='1'"; $rs3 = mysql_query($sql3); $row3 = mysql_fetch_assoc($rs3); if (!$row3) { alertInfo('订单不存在', 'userorder.php?key=' . $key . $url, 0); } else { $order = $row3['order_id2']; $sql2 = "update qiyu_order set order_status='4' where order_id='" . $v . "' and order_status='1'"; if (mysql_query($sql2)) { //添加订单记录 $orderContent = "<span class='greenbg'><span><span>订单已完成</span></span></span>";
<?php require_once "usercheck.php"; $shopID = sqlReplace(trim($_GET['shopID'])); $sql = "select * from qiyu_shop where shop_id=" . $shopID . " and shop_status='1'"; $rs = mysql_query($sql); $rows = mysql_fetch_assoc($rs); if (!$rows) { alertInfo("错误", "index.php", 0); } if (!empty($QIYU_ID_USER)) { $sqlStr = "select * from qiyu_user where user_id=" . $QIYU_ID_USER; $result = mysql_query($sqlStr); $row = mysql_fetch_assoc($result); if ($row) { $user_phone = $row['user_phone']; } } else { $user_phone = $_SESSION['user_phone']; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <link rel="stylesheet" href="style.css" type="text/css"/> <script src="js/jquery-1.3.1.js" type="text/javascript"></script> <title> 验证手机号 - <?php echo $SHOP_NAME; ?> - <?php
/** * userlogin_do.php 登录操作 */ require 'include/dbconn.php'; $user_account = sqlReplace(trim($_POST['z_phone'])); $loginUrl = $_SESSION['login_url']; $pw = sqlReplace(trim($_POST['pw'])); $cookie = empty($_POST['cookie']) ? "" : sqlReplace($_POST['cookie']); $re_name = empty($_POST['re_name']) ? "" : sqlReplace($_POST['re_name']); $sinaUid = empty($_SESSION['sinaUid']) ? '' : sqlReplace($_SESSION['sinaUid']); $sinaNick = empty($_SESSION['sinaNick']) ? '' : sqlReplace($_SESSION['sinaNick']); $p = empty($_GET['p']) ? '' : sqlReplace(trim($_GET['p'])); //从订单页来的标示 $shopID = empty($_GET['shopID']) ? '0' : sqlReplace(trim($_GET['shopID'])); $shopSpot = empty($_GET['shopSpot']) ? '0' : sqlReplace(trim($_GET['shopSpot'])); $shopCircle = empty($_GET['shopCircle']) ? '0' : sqlReplace(trim($_GET['shopCircle'])); checkData($user_account, '手机号', 1); checkData($pw, '密码', 1); $sqlStr = "select * from " . WIIDBPRE . "_user where user_account='" . $user_account . "'"; $result = mysql_query($sqlStr) or die("查询失败,请检查SQL语句。"); $row = mysql_fetch_assoc($result); if ($row) { $ip = $_SERVER['REMOTE_ADDR']; $pwd = md5(md5($pw . $row['user_salt'])); $sql = "select * from qiyu_user where user_account='" . $user_account . "' and user_password='******'"; $rs = mysql_query($sql); $rows = mysql_fetch_assoc($rs); if ($rows) { $sql2 = "update qiyu_user set user_experience=user_experience+" . expUserLogin . " where user_account='" . $user_account . "' and user_password='******'"; mysql_query($sql2); date_default_timezone_set('PRC');
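<?php
/**
 * demand.php 提交需求 — records a visitor's "open a restaurant near me" request.
 *
 * Input : `content` from the query string.
 * Effect: inserts (content, now(), client IP) into the <prefix>_demand table and
 *         echoes a plain-text result message.
 * NOTE(review): this request changes state but is served over GET; consider
 * switching the form to POST so the write is not triggered by a plain link.
 */
require 'include/dbconn.php';

// A missing parameter becomes an empty string so checkData() can report it
// instead of PHP raising an undefined-index notice first.
$content = isset($_GET['content']) ? sqlReplace(trim($_GET['content'])) : '';
checkData($content, '内容', 1);

// Escape the remote address like every other value interpolated into the query.
// It normally comes from the TCP peer rather than the request body, but treating
// it the same as user input costs nothing.
$ip = isset($_SERVER['REMOTE_ADDR']) ? sqlReplace($_SERVER['REMOTE_ADDR']) : '';

$sql = "insert into " . WIIDBPRE . "_demand(demand_content,demand_addtime,demand_ip) values('" . $content . "',now(),'" . $ip . "')";
$rs = mysql_query($sql);
if (!$rs) {
    echo '未知原因,提交失败';
} else {
    echo '感谢您的关注,我们会尽快开发您周边的餐厅';
}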
<?php /** * userintro.php */ require_once "usercheck2.php"; $id = sqlReplace(trim($_GET['id'])); $tel = empty($_GET['tel']) ? '' : sqlReplace(trim($_GET['tel'])); $page = empty($_GET['page']) ? '' : sqlReplace(trim($_GET['page'])); $id = checkData($id, "ID", 0); $sql = "select * from " . WIIDBPRE . "_user where user_id=" . $id; $result = mysql_query($sql); $row = mysql_fetch_assoc($result); if (!$row) { alertInfo('该用户已经不存在', '', 1); } else { $account = $row['user_account']; $name = $row['user_name']; $mail = $row['user_mail']; $type = $row['user_type']; $logintime = $row['user_logintime']; $loginip = $row['user_loginip']; $logincount = $row['user_logincount']; $phone = $row['user_phone']; $time = $row['user_time']; $score = $row['user_score']; $experience = $row['user_experience']; } //原版 //$url="&start=".$start."&end=".$end."&name=".$name."&phone=".$phone."&order=".$order."&uid=".$id; $url = "&name=" . $name . "&phone=" . $phone . "&uid=" . $id;
<?php /** * 管理员登录 * * @version v0.01 * @create time 2011-5-16 * @update time * @author jiangting * @copyright Copyright (c) 微普科技 WiiPu Tech Inc. (http://www.wiipu.com) */ require_once '../conn/conn2.php'; require_once 'inc_function.php'; $name = sqlReplace(trim($_POST['name'])); $passwd = sqlReplace(trim($_POST['pwd'])); //$code=trim($_POST['code']); $sql = "select * from admin_manage where name='" . $name . "' and passwd='" . md5($passwd) . "' and role=3"; $result = mysql_query($sql); $row = mysql_fetch_array($result); if ($row) { $_SESSION['name'] = $name; $_SESSION['role'] = $row['role']; $sql = "update admin_manage set last_ip=now_ip,now_ip='{$_SERVER[REMOTE_ADDR]}',time=now_time,now_time=NOW(),log_num=log_num+1 where id={$row['id']};"; mysql_query($sql) or die("{$row['id']}"); if ($row['role'] == 1) { $_SESSION["role_area"] = "超级管理员"; } else { if ($row["role"] == 3) { $sql = "select name from mall where id={$row['mall_id']}"; $result = mysql_query($sql) or die("未知原因查询失败"); $mall = mysql_fetch_array($result); $_SESSION["role_area"] = $mall["name"];
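<?php
/**
 * area_ajax.php
 *
 * AJAX helper that returns <option> markup for cascading location selects.
 *   POST act=circle, area_id   -> circles attached to that area
 *   POST act=spot,   circle_id -> spots attached to that circle
 * Any other `act` (or none) echoes an empty string.
 */
require '../include/dbconn.php';

$str = '';
$act = isset($_POST['act']) ? $_POST['act'] : '';

if ($act == "circle") {
    $area_id = isset($_POST['area_id']) ? sqlReplace(trim($_POST['area_id'])) : '';
    // NOTE(review): the label below looks mis-encoded in this copy; confirm the
    // file's charset before touching the literal.
    checkData($area_id, "ÇøÓòID", 0);
    // The id is interpolated into the SQL without quotes, so quote-escaping
    // alone does not constrain it; force it to an integer first.
    $area_id = (int) $area_id;
    $sql = "select ac.areacircle_circle,c.circle_name from " . WIIDBPRE . "_areacircle ac," . WIIDBPRE . "_circle c where ac.areacircle_circle=c.circle_id and areacircle_area=" . $area_id;
    $rs = mysql_query($sql);
    // circle_name is emitted unescaped: acceptable only while these names are
    // admin-entered; escape with the site's charset if that ever changes.
    while ($rows = mysql_fetch_assoc($rs)) {
        $str .= "<option value='" . $rows['areacircle_circle'] . "'>" . $rows['circle_name'] . "</option>";
    }
}

if ($act == "spot") {
    $circle_id = isset($_POST['circle_id']) ? sqlReplace(trim($_POST['circle_id'])) : '';
    // No checkData() on this branch, so the integer cast is the only constraint
    // on the value before it reaches the unquoted comparison.
    $circle_id = (int) $circle_id;
    $sql = "select spot_id,spot_name from " . WIIDBPRE . "_spot where spot_circle=" . $circle_id;
    $rs = mysql_query($sql);
    while ($rows = mysql_fetch_assoc($rs)) {
        $str .= "<option value='" . $rows['spot_id'] . "'>" . $rows['spot_name'] . "</option>";
    }
}

echo $str;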
} if (!(empty($site_wiiyunsalt) || empty($site_wiiyunaccount) || $site_sms != '1')) { // 检测微云码与账号是否正确 $result = $o->checkWiiyunSalt($site_wiiyunsalt, $site_wiiyunaccount); $r_status = $result[0]->status; if ($r_status !== 'no') { $userID2 = $result[0]->id2; //用户ID2 $sms = $o->getSMS($userID2); $s_status = $sms[0]->status; } } $userID2 = $result[0]->id2; $sms = $o->getSMS($userID2); $s_status = $sms[0]->status; $act = empty($_GET['act']) ? '' : sqlReplace(trim($_GET['act'])); $telstr = ''; if ($act == 'yes') { if ($site_sms == '2') { alertInfo('短信功能未开启,请配置', "site_sms.php", 0); } if (empty($_POST["idlist"])) { alertInfo('请选择群发项!', "", 1); } $listall = $_POST["idlist"]; foreach ($listall as $listid) { $sqlStr = "select * from qiyu_user where user_id in({$listid})"; $result = mysql_query($sqlStr); $row = mysql_fetch_array($result); if (!$row) { alertInfo('数据不存在', '', 1);
$str .= "\t\t<p class='cart_intro'><textarea id=\"cart_desc\" class='cart_input'></textarea></p>"; $str .= "\t\t<p class='submit_cart'><img src=\"images/button/addCart1.jpg\" onmouseout=\"checkbg1()\" onmouseover=\"checkbg2()\" mousedown='checkbg3()' id=\"addCartF\" alt=\"\" style='cursor:pointer;' onClick=\"addCart_t_new(" . $shopID . "," . $foodID . "," . $spotID . "," . $circleID . ",'" . $time1 . "','" . $time2 . "')\"/><span><a href='javascript:void();' onClick=\"closeFlow()\">回到餐厅界面</a></span></p>"; $str .= "\t</div>"; echo $str; break; case "getTags": //模板2的餐品口味选择 $shopID = sqlReplace(trim($_POST['shopID'])); $where = ''; $foodID = sqlReplace(trim($_POST['foodID'])); $spotID = sqlReplace(trim($_POST['spotID'])); $circleID = sqlReplace(trim($_POST['circleID'])); $time1 = sqlReplace(trim($_POST['time1'])); $time2 = sqlReplace(trim($_POST['time2'])); $name = sqlReplace(trim($_POST['name'])); $price = sqlReplace(trim($_POST['price'])); $str = "<div id=\"container\">"; $str .= "\t<div id='newCartBox'>"; $str .= "\t\t<div id='c_table'>"; $str .= "\t\t\t<table border='0' width='455'>"; $str .= "\t\t\t\t<tr>"; $str .= "\t\t\t\t\t<td class='menu first td' width='195'>菜名</td>"; $str .= "\t\t\t\t\t<td class='menu' >价格</td>"; $str .= "\t\t\t\t</tr>"; $str .= "\t\t\t\t<tr>"; $str .= "\t\t\t\t\t<td class='main first td'>" . $name . "</td>"; $str .= "\t\t\t\t\t<td class='main'>" . $price . "</td>"; $str .= "\t\t\t\t</tr>"; $str .= "\t\t\t</table>"; $str .= "\t\t</div>"; $str .= "<div id=\"cart_needs\"><span class='span span_need'>口味需求:</span>";
<?php /** * food.php */ require_once "usercheck2.php"; $type = sqlReplace($_GET['type']); if ($type == '1') { $title = '营业执照'; } else { if ($type == '2') { $title = '卫生许可证'; } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <link rel="stylesheet" href="../style.css" type="text/css"/> <script src="../js/jquery-1.3.1.js" type="text/javascript"></script> <script src="../js/tree.js" type="text/javascript"></script> <script type="text/javascript" src="js/upload.js"></script> <script type="text/javascript"> <!-- function ajaxFileUpload() { $.ajaxFileUpload ( { url:'shop_cartpicup1.php',
$worksheet->write($i, 9, $getvalue); $i += 1; } $worksheet->write($i, 0, '总计'); $worksheet->write($i, 1, ''); $worksheet->write($i, 2, ''); $worksheet->write($i, 3, ''); $worksheet->write($i, 4, ''); $worksheet->write($i, 5, $orderDeliverTotal); $worksheet->write($i, 6, $orderALLTotal1); $worksheet->write($i, 7, $orderMoneyTotal1); $worksheet->write($i, 8, $spendvalueTotal1); $worksheet->write($i, 9, $getvalueTotal1); $workbook->close(); $str = "S"; break; case "sendcode": $phone = sqlReplace(trim($_POST['phone'])); $vercodePhone = getRndCode_r(6); $content = "验证码是" . $vercodePhone; $sql = "update qiyu_shop set shop_code='" . $vercodePhone . "' where shop_id=" . $QIYU_ID_SHOP; if (mysql_query($sql)) { //发送验证码 sendCode($phone, $content); $str = "S"; } else { $str = "E"; } break; } echo $str;
for ($x = 1; $x <= $i; $x++) { $id = $_POST['id' . $x]; $order = $_POST['order' . $x]; $sql = "update " . WIIDBPRE . "_food set food_order=" . $order . " where food_id=" . $id; if (!mysql_query($sql)) { alertInfo('未知原因保存失败! ', "foodspecial_list.php", 0); } } alertInfo('保存排序成功!', "", 1); break; case "card1": $upfile1 = sqlReplace(trim($_POST['upfile'])); checkData($upfile1, '营业执照', 1); $sql = "update qiyu_shop set shop_certpic='" . $upfile1 . "',shop_certtime=now() where shop_id=" . $QIYU_ID_SHOP; if (mysql_query($sql)) { alertInfo("提交成功", "shopcard.php", 0); } else { alertInfo("提交失败", "", 1); } break; case "card2": $upfile2 = sqlReplace(trim($_POST['upfile'])); checkData($upfile2, '卫生许可证', 1); $sql = "update qiyu_shop set shop_licensepic='" . $upfile2 . "',shop_licensetime=now() where shop_id=" . $QIYU_ID_SHOP; if (mysql_query($sql)) { alertInfo("提交成功", "shopcard.php", 0); } else { alertInfo("提交失败", "", 1); } break; }
<?php /** * shoporder.php */ require_once "usercheck2.php"; $key = sqlReplace(trim($_GET['key'])); $keyword = empty($_GET['keyword']) ? '' : sqlReplace(trim($_GET['keyword'])); $start = empty($_GET['start']) ? '' : sqlReplace(trim($_GET['start'])); $end = empty($_GET['end']) ? '' : sqlReplace(trim($_GET['end'])); $url = "?key=" . $key . "&keyword=" . $keyword . "&start=" . $start . "&end=" . $end; ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <link rel="stylesheet" href="../style.css" type="text/css"/> <script src="../js/jquery-1.3.1.js" type="text/javascript"></script> <script src="../js/tree.js" type="text/javascript"></script> <title>订单管理 - 外卖点餐系统</title> </head> <body> <script type="text/javascript"> <!-- function updateOrder(orderID){ var content="<tr id='update'"+orderID+" class='addtr'><td colspan='8' class='border_left border_bottom border_right order1' style='padding:10px;'><textarea name=\"content\" style=\"width:350px;height:100px;\" id='orderIntro'></textarea> <p><a href='javascript:void();' onClick=\"addOrderIntro("+orderID+")\"><img src=\"../images/button/update.jpg\" /></a></p></td></tr>"; $('.addtr').remove(); $(content).insertAfter('#table'+orderID); } function addOrderIntro(id){
<?php /** * shopreg_do.php */ require_once "../include/dbconn.php"; $act = sqlReplace(trim($_GET['act'])); switch ($act) { case "login": $account = sqlReplace(trim($_POST['account'])); $pwd = sqlReplace(trim($_POST['pw'])); checkData($account, '用户名', 1); checkData($pwd, '密码', 1); $code = sqlReplace(trim($_POST["imgcode"])); //验证码 if (empty($code)) { alertInfo('验证码不能为空', "", 1); } if ($code != $_SESSION['imgcode']) { alertInfo('验证码不正确,请检查!', "", 1); } $sql = "select * from qiyu_shop where shop_account='" . $account . "'"; $rs = mysql_query($sql); $rows = mysql_fetch_assoc($rs); if ($rows) { $salt = $rows['shop_salt']; $pw = md5(md5($pwd) . $salt); $sqlStr = "select * from qiyu_shop where shop_account='" . $account . "' and shop_password='******'"; $rs_r = mysql_query($sqlStr); $row = mysql_fetch_assoc($rs_r); if ($row) {
<?php /** * food.php */ require_once "usercheck2.php"; $tel = empty($_GET['tel']) ? '' : sqlReplace(trim($_GET['tel'])); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <link rel="stylesheet" href="../style.css" type="text/css"/> <script src="../js/jquery-1.3.1.js" type="text/javascript"></script> <script src="../js/tree.js" type="text/javascript"></script> <script type="text/javascript" src="js/upload.js"></script> <title>消费排行分析 - 外卖点餐系统</title> </head> <body> <div id="container"> <?php require_once 'header.php'; ?> <div id="main"> <div class="main_content"> <div class="main_top"></div> <div class="main_center main_center_r"> <div id="shopLeft"> <?php require_once 'left.inc.php'; ?>
<?php /** * usercheck2.php */ require '../include/dbconn.php'; require 'inc.function.php'; if (!empty($_SESSION['qiyu_shopID'])) { $QIYU_ID_SHOP = $_SESSION['qiyu_shopID']; } else { if (!empty($_COOKIE['QIYUSHOP'])) { $temp_user = sqlReplace($_COOKIE['QIYUSHOP']); $temp_pwd = sqlReplace($_COOKIE['QIYUSHOPVERD']); $sqlStr = "select shop_id,shop_password,shop_salt from qiyu_shop where shop_account='" . $temp_user . "'"; $result = mysql_query($sqlStr); $row = mysql_fetch_assoc($result); if ($row) { if ($temp_pwd == md5($row['shop_password'] . $row['shop_salt'])) { $_SESSION['qiyu_shopID'] = $row['shop_id']; $QIYU_ID_SHOP = $row['shop_id']; } else { $QIYU_ID_SHOP = ""; } } else { $QIYU_ID_SHOP = ""; } } else { $QIYU_ID_SHOP = ""; } } if (empty($QIYU_ID_SHOP)) {
$rs = mysql_query($sql); $rows = mysql_fetch_assoc($rs); if ($rows) { $vercode = getRndCode(6); $pw = md5(md5($pw . $vercode)); $sqlStr = "update qiyu_user set user_password='******',user_salt='" . $vercode . "' where user_phone='" . $phone . "'"; mysql_query($sqlStr); alertInfo("修改成功,请登录", "userlogin.php", 0); } else { alertInfo("手机号不存在", "userpw.php", 0); } break; case "vali": $shopID = sqlReplace($_GET['shopID']); $phone = sqlReplace($_POST['phone']); $code = sqlReplace($_POST['code']); $sql = "select * from qiyu_user where user_phone='" . $phone . "'"; $rs = mysql_query($sql); $rows = mysql_fetch_assoc($rs); if ($rows) { if ($code == $rows['user_vcode']) { $sqlStr = "update qiyu_user set user_vcode='',user_status='1' where user_phone='" . $phone . "'"; mysql_query($sqlStr); Header("Location: userorder.php?shopID=" . $shopID); } else { alertInfo("验证码错误", "", 1); } } else { alertInfo("手机号不存在", "", 1); } break;
$smsCount = $sms[0]->count_m; } } if (empty($userID2)) { alertInfo('短信未配置,请配置', "site_sms.php", 0); } $tags = sqlReplace(trim($_POST['receiver'])); //收件人 $tags = str_replace(';', ';', $tags); $tags = str_replace('#', '', $tags); $tags = str_replace('$', '', $tags); //$total=sqlReplace(trim($_GET['total']));//此次发送的数量 $emailstr = sqlReplace(trim($_POST['receiver'])); //收件人 $emailstr = str_replace(';', ';', $emailstr); $content = sqlReplace(trim($_POST['fbContent'])); //短信内容 checkData($emailstr, '收件人', 1); checkData($content, '短信内容', 1); //对收件人$emailstr进行处理 $alltel = ''; $tgs = ''; if ($emailstr) { $emailarr = explode(';', $emailstr); $i = 0; $j = 0; $total = 0; foreach ($emailarr as $t) { if ($t) { $email = ''; $tg = '';
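<?php
/**
 * userorderintro.php 订单详情页 — loads one order (joined with its shop) for display.
 *
 * Query string: `id`  — order_id (required)
 *               `key` — list tab to return to, defaults to 'new'
 * On success the order's columns are copied into the page-level variables the
 * template below reads; otherwise the visitor is sent back to index.php.
 */
require_once "usercheck2.php";

// order_id is interpolated unquoted, so it is coerced to an integer; the
// quote-escaping in sqlReplace() would not constrain it on its own.
$id = isset($_GET['id']) ? (int) sqlReplace(trim($_GET['id'])) : 0;
$key = empty($_GET['key']) ? 'new' : sqlReplace(trim($_GET['key']));
$POSITION_HEADER = "用户中心";

// NOTE(review): the lookup is by order_id alone; nothing here ties the order to
// the account established by usercheck2.php. If orders belong to individual
// users, add that ownership condition to the WHERE clause.
$sql = "select * from qiyu_shop,qiyu_order where (order_shop=shop_id2 or order_shopid=shop_id) and order_id=" . $id;
$rs = mysql_query($sql);
$rows = mysql_fetch_assoc($rs);
if ($rows) {
    $shopName = $rows['shop_name'];
    $orderAddtime = $rows['order_addtime'];
    $orderStatus = $rows['order_status'];
    $order = $rows['order_id2'];
    $orderPriceAll = $rows['order_totalprice'];
    $orderTotal = $rows['order_price'];
    $deliverFee = $rows['order_deliverprice'];
    $orderInfor = $rows['order_infor'];
    $orderText = $rows['order_text'];
    $spot = $rows['order_spot'];
    $circle = $rows['order_circle'];
    $orderType = $rows['order_type'];
    $orderTime1 = $rows['order_time1'];
    // Only the leading HH:MM of the second time value is shown.
    $orderTime2 = substr($rows['order_time2'], 0, 5);
} else {
    alertInfo('非法操作', 'index.php', 0);
}
?>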
break; case 'update': //得到sortlist传递的值,并检测 $id = sqlReplace(trim($_POST['id'])); $title = sqlReplace(trim($_POST['title'])); $content = sqlReplace(trim($_POST['content'])); if ($id == "") { alertInfo('Illegal operation', 'list.php', 0); } $sql_update = "update articles set title='{$title}',content = '{$content}' where aid = " . $id; if (mysql_query($sql_update)) { alertInfo('The article added successful', 'list.php', 0); //echo $content; //alertInfo('修改成功!','list.php',0); } else { alertInfo('Modify failure!', '', 1); } break; case 'del': //得到sortlist传递的值,并检测 $id = sqlReplace(trim($_GET['id'])); if ($id == "") { alertInfo('Illegal operation', 'list.php', 0); } $sql_del = "delete from articles where aid = {$id}"; if (mysql_query($sql_del)) { alertInfo('Deleted successful', 'list.php', 0); //echo $content; } break; }
if (!$row) { alertInfo('您要删除的数据不存在', '', 1); } else { $sql2 = "delete from qiyu_about where about_id=" . $id; if (mysql_query($sql2)) { alertInfo('删除成功', 'about.php', 0); } else { alertInfo('删除失败,原因SQL出现异常', '', 1); } } break; case "edit": $id = sqlReplace(trim($_GET['id'])); $id = checkData($id, "ID", 0); $title = sqlReplace(trim($_POST['title'])); $type = sqlReplace(trim($_POST['about_type'])); if ($type == '1') { $c = $_POST['about_content']; } else { $c = $_POST['about_href']; } $content = $c; $content = str_replace("'", "'", $content); $content = str_replace("<br />", "</p><p>", $content); //检验数据的合法性 checkData($title, '标题', 1); $sql = "select * from " . WIIDBPRE . "_about where about_id=" . $id; $result = mysql_query($sql); $row = mysql_fetch_assoc($result); if (!$row) { alertInfo('非法操作', 'about_list.php', 0);
$print = sqlReplace(trim($_POST['yunprint'])); $num = sqlReplace(trim($_POST['yunprintnum'])); $sql = "update qiyu_site set site_yunprint='" . $print . "',site_yunprintnum='" . $num . "'"; if (mysql_query($sql)) { alertInfo('操作成功', '', 1); } else { alertInfo('出错', '', 1); } break; case "other": $onlinechat = sqlReplace(trim($_POST['onlinechat'])); $iscartfoodtag = sqlReplace(trim($_POST['iscartfoodtag'])); $cartfoodtag = sqlReplace(trim($_POST['cartfoodtag'])); $stat = sqlReplace(trim($_POST['stat'])); $sql = "update qiyu_site set site_onlinechat='" . $onlinechat . "',site_stat='" . $stat . "',site_iscartfoodtag='" . $iscartfoodtag . "',site_cartfoodtag='" . $cartfoodtag . "'"; if (mysql_query($sql)) { alertInfo('操作成功', '', 1); } else { alertInfo('出错', '', 1); } break; case "print": $print = sqlReplace(trim($_POST['yunprint'])); $sql = "update qiyu_site set site_yunprint='" . $print . "'"; if (mysql_query($sql)) { alertInfo('操作成功', '', 1); } else { alertInfo('出错', '', 1); } break; }
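<?php
/**
 * shopadd.php
 *
 * Saves the site-wide SEO settings (title / keywords / description) for the
 * seo_type=1 row. Dispatches on the `act` query parameter; only "index" is handled.
 */
require_once "usercheck2.php";

$act = isset($_GET['act']) ? $_GET['act'] : '';
switch ($act) {
    case "index":
        $title = isset($_POST['title']) ? sqlReplace($_POST['title']) : '';
        // keywords/description are HTML-encoded for later rendering; they are
        // also passed through sqlReplace() so the query escaping matches every
        // other value this file interpolates, rather than relying on HTMLEncode()
        // to neutralise single quotes. The title is only SQL-escaped and must be
        // HTML-escaped wherever it is printed.
        $keywords = isset($_POST['keywords']) ? sqlReplace(HTMLEncode($_POST['keywords'])) : '';
        $description = isset($_POST['description']) ? sqlReplace(HTMLEncode($_POST['description'])) : '';
        $sql = "update " . WIIDBPRE . "_seo set seo_title='" . $title . "', seo_keywords='" . $keywords . "',seo_description='" . $description . "' where seo_type=1";
        if (!mysql_query($sql)) {
            alertInfo('未知原因保存失败! ', "", 1);
        } else {
            alertInfo('保存成功!', "seo.php", 0);
        }
        break;
}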
<?php ob_start(); set_time_limit(0); //时间限制解除 require_once '../inc_function.php'; require_once '../../conn/config.php'; $home_path = HOME_PATH; $url = "/waimai/android/download/"; //app上传路径 $type = sqlReplace(trim($_GET['type'])); $info = ''; $fileElementName = 'file'; //检查上传文件是否有问题 if (!empty($_FILES[$fileElementName]['error'])) { switch ($_FILES[$fileElementName]['error']) { case '1': $info = 'E|Upload file size is more than the limit system.'; break; case '3': $info = 'E|Upload file error process.'; break; case '4': $info = 'E|No file selected'; break; case '6': $info = 'E|System error: there is no temporary folder.'; break; case '7': $info = 'E|System error: error writing file.'; break; default:
<?php /** * usercheck.php */ require 'include/dbconn.php'; $QIYU_USER_ACCOUNT = ''; if (!empty($_SESSION['qiyu_uid'])) { $QIYU_ID_USER = $_SESSION['qiyu_uid']; } else { if (!empty($_COOKIE['QIYUUSER'])) { $temp_user = sqlReplace($_COOKIE['QIYUUSER']); $temp_pwd = empty($_COOKIE['QIYUVERD']) ? '' : sqlReplace($_COOKIE['QIYUVERD']); $sqlStr = "select user_id,user_password from qiyu_user where user_account='" . $temp_user . "'"; $result = mysql_query($sqlStr); $row = mysql_fetch_assoc($result); if ($row) { if (!empty($temp_pwd)) { if ($temp_pwd == $row['user_password']) { $_SESSION['qiyu_uid'] = $row['user_id']; $QIYU_ID_USER = $row['user_id']; } else { $QIYU_ID_USER = ""; } } else { $QIYU_USER_ACCOUNT = $temp_user; $QIYU_ID_USER = ""; } } else { $QIYU_ID_USER = ""; }
<td width="85" class='center'>订单总额</td> <td width="85" class='center'>现金支付</td> <td width="85" class='center'>饭点支付</td> <td width="85" class='center'>订单返点</td> </tr> <?php $where1 = ''; $orderDeliverTotal = empty($_GET['DeliverTotal']) ? 0 : sqlReplace(trim($_GET['DeliverTotal'])); //送餐费 $orderALLTotal1 = empty($_GET['ALLTotal1']) ? 0 : sqlReplace(trim($_GET['ALLTotal1'])); //订单总额 $orderMoneyTotal1 = empty($_GET['MoneyTotal1']) ? 0 : sqlReplace(trim($_GET['MoneyTotal1'])); //现金 $getvalueTotal1 = empty($_GET['valueTotal1']) ? 0 : sqlReplace(trim($_GET['valueTotal1'])); //得到返点 $spendvalueTotal1 = empty($_GET['spendvalueTotal1']) ? 0 : sqlReplace(trim($_GET['spendvalueTotal1'])); //消费饭点 //$scoreTotal=empty($_GET['scoreTotal'])?0:sqlReplace(trim($_GET['scoreTotal'])); $pagesize = 20; $startRow = 0; if ($searchType1 == '1') { if (!(empty($start1) || empty($end1))) { $where1 .= " and date(order_addtime) >= '" . $start1 . "' and date(order_addtime) <= '" . $end1 . "'"; } elseif (!empty($start1) && empty($end1)) { $where1 .= " and date(order_addtime) >= '" . $start1 . "'"; } elseif (empty($start1) && !empty($end1)) { $where1 .= " and date(order_addtime) <= '" . $end1 . "'"; } } $sql = "select order_id from qiyu_order where order_shopid='" . $QIYU_ID_SHOP . "' " . $where1 . " and order_status='4'"; $rs = mysql_query($sql) or die("查询失败,请检查SQL语句。");
<?php
/**
 * Change-password handler for the logged-in user.
 *
 * Reads pw / newpw / repw from POST, verifies the current password against the
 * stored salted digest, and writes the new digest for $QIYU_ID_USER
 * (established by usercheck2.php).
 */
require_once "usercheck2.php";
$pw = sqlReplace(trim($_POST['pw']));
$newpw = sqlReplace(trim($_POST['newpw']));
$repw = sqlReplace(trim($_POST['repw']));
checkData($pw, '原密码', 1);
checkData($newpw, '新密码', 1);
if ($newpw != $repw) {
    // NOTE(review): the update below is only skipped if alertInfo() terminates
    // the script; confirm that it does.
    alertInfo("两次密码不一致", "", 1);
}
// user_id is interpolated unquoted; the value comes from the session/cookie
// check in usercheck2.php, not from this request.
$check_sql = "select user_password,user_salt from " . WIIDBPRE . "_user where user_id=" . $QIYU_ID_USER;
$check_rs = mysql_query($check_sql);
$check_row = mysql_fetch_assoc($check_rs);
if (!$check_row) {
    alertInfo('非法用户', '', 1);
} else {
    // Stored form is md5(md5(password . salt)). MD5 is a fast digest; migrating
    // to password_hash()/password_verify() would be the modern replacement.
    $oldpw = md5(md5($pw . $check_row['user_salt']));
    if ($oldpw != $check_row['user_password']) {
        alertInfo('原密码输入不正确', '', 1);
    } else {
        // NOTE(review): the hash expression in this statement is garbled in this
        // copy; it presumably mirrors the md5(md5($newpw . salt)) form used for
        // $oldpw above. Verify against the original file before relying on it.
        $upd_sql = "update " . WIIDBPRE . "_user set user_password='******'user_salt'])) . "' where user_id=" . $QIYU_ID_USER;
        if (mysql_query($upd_sql)) {
            alertInfo('修改成功', 'usercenter.php', 0);
        } else {
            alertInfo('修改失败', '', 1);
        }
    }
}
* @informaition */ require_once "usercheck.php"; $_SESSION['login_url'] = getUrl(); $_SESSION['qiyu_orderType'] = ''; $shopID = $SHOPID; $spotID = empty($_GET['spotID']) ? '0' : sqlReplace(trim($_GET['spotID'])); $circleID = empty($_GET['circleID']) ? '0' : sqlReplace(trim($_GET['circleID'])); $activeID = empty($lableID2) ? empty($ftID2) ? '' : $ftID2 : $lableID2; $lableID = empty($_GET['lableID']) ? 0 : sqlReplace(trim($_GET['lableID'])); $ftID = empty($_GET['ftID']) ? 0 : sqlReplace(trim($_GET['ftID'])); $browse = empty($_GET['see']) ? '' : sqlReplace(trim($_GET['see'])); //商家在置顶管理浏览的标示 $isFirst = empty($_GET['first']) ? '' : sqlReplace(trim($_GET['first'])); //是否点击左边的分类的标示 $ftID = empty($_GET['ftID']) ? 0 : sqlReplace(trim($_GET['ftID'])); //菜的大类id $isRMD = getShopRmd($browse, $shopID); $deliverfee = ''; $sendfee = ''; $deliverfee_r = ''; $sendfee_r = ''; $cur_cart_array = empty($_COOKIE['qiyushop_cart']) ? '' : $_COOKIE['qiyushop_cart']; $_SESSION['user_url'] = getUrl(); $sql = "select * from qiyu_shop where shop_id=" . $shopID . " and shop_status='1'"; $rs = mysql_query($sql); $rows = mysql_fetch_assoc($rs); if ($rows) { $shop_name = $rows['shop_name']; $shop_id2 = $rows['shop_id2']; $tel = $rows['shop_tel'];
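<?php
/**
 * userorder.ajax.php 修改默认地址 修改电话 添加新地址
 *
 * AJAX dispatcher for the order page. Only `act=checkOpen` is implemented: it
 * echoes "S" when ordering is open (09:00 up to, but excluding, 16:00 in the
 * PRC time zone) and "N" otherwise.
 */
require_once "usercheck.php";

$act = isset($_GET['act']) ? sqlReplace(trim($_GET['act'])) : '';
date_default_timezone_set('PRC');

switch ($act) {
    case "checkOpen":
        // Opening window, resolved to today's date in the zone set above.
        $openFrom = strtotime('09:00:00');
        $openUntil = strtotime('16:00:00');
        $now = time();
        if ($now < $openFrom || $now >= $openUntil) {
            echo "N";
        } else {
            echo "S";
        }
        break;
}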